Skip to main content
Skip table of contents

Provisioning a TDE-enabled vPDB

Overview

Refer to the Transparent Data Encryption and Delphix article for an overview of TDE and the Continuous Data implementation.

Delphix supports provisioning a vPDB to three different types of a TDE-enabled target container:

  • Software keystore based target container database.

  • OKV-enabled target container database.

  • HSM-enabled target container database.

The following pages will describe in detail the procedure for each of these.

Prerequisites for provisioning a TDE-enabled vPDB to a Linked CDB

The same prerequisites that apply for provisioning a regular vPDB to a Linked CDB, also apply to a TDE software keystore based, OKV-enabled or HSM-enabled vPDB. Specifically, there must be a target environment that has an Oracle installation compatible with the Oracle installation of the source CDB and the source PDB. The following database requirements are needed to provision the vPDB to a linked CDB. For more information, refer to the Requirements for Oracle Hosts and Databases section.

Autodiscovery is recommended so that the linked CDB can be found. Otherwise, the linked CDB must be manually discovered before provisioning.

  • Linked CDB must be running

  • Linked CDB must be in ARCHIVELOG mode

  • Linked CDB should be using Block Change Tracking (BCT)

  • LogSync must be enabled for the Linked CDB.

Compatibility requirements for provisioning a TDE-enabled vPDB to a Linked CDB

For provisioning a vPDB into a Linked CDB, the source CDB and the target CDB must meet the following compatibility requirements:

  • The value of the COMPATIBLE parameter in the source CDB must be less than or equal to the value of the COMPATIBLE parameter in the target CDB.

  • They must have the same endianness.

  • They must have compatible character sets and national character sets.

  • If TDE is configured using sqlnet.ora, the encryption wallet location should be configured on the target host in the standard location as described in the Oracle documentation. If the TNS_ADMIN environment variable is being used to specify the directory location where the sqlnet.ora is located, TNS_ADMIN should point to the default location as indicated above.

Setting up auxiliary CDB parameters

During a TDE software keystore based, OKV-enabled or HSM-enabled vPDB provisioning into a Linked CDB or a vCDB, the Delphix Continuous Data Engine creates an auxiliary CDB instance (or temporary CDB used during vPDB provisioning) on the target environment to recover the vPDB to a consistent state. This auxiliary CDB will be automatically deleted (in case of provisioning to a linked CDB or to an existing vCDB) or converted to a vCDB (in case of provisioning to a new vCDB) after the vPDB is provisioned successfully. By default, this auxiliary CDB is configured to have the same init parameters as the source database. To manage the configuration of the auxiliary CDB init parameters, you must set up Repository Templates for Oracle Databases before provisioning.

For more details on additional TDE-related processing that is performed in the Auxiliary CDB, refer to the A closer look at the TDE provisioning page.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close